--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch Wed Jan 29 11:12:07 2014 -0800
@@ -0,0 +1,14 @@
+--- openssl-1.0.1e/crypto/evp/e_aes.c Tue Jul 2 11:03:12 2013
++++ openssl-1.0.1e/crypto/evp/e_aes.c.new Tue Jul 2 11:04:56 2013
+@@ -574,8 +574,11 @@
+ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+ const unsigned char *in, size_t len)
+ {
++ size_t bl = ctx->cipher->block_size;
+ EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
++ if (len<bl) return 1;
++
+ if (dat->stream.cbc)
+ (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
+ else if (ctx->encrypt)